Using acme.sh with vCenter

Install acme.sh on your vCenter.

Connect to your vCenter over SSH.

cd ~
wget 'https://git.9r.com.au/projects/OPENSRC/repos/acme.sh/raw/acme.sh?at=refs%2Fheads%2Fmaster' -O acme.sh
chmod 755 ./acme.sh
./acme.sh --install
acme.sh --issue -d example.com --dns \
   --yes-I-know-dns-manual-mode-enough-go-ahead-please

Add the TXT record generated by acme.sh to your zone, then reload your DNS.

acme.sh --renew -d example.com \
   --yes-I-know-dns-manual-mode-enough-go-ahead-please

Our acme.sh keys are now ready. We will import them into the system using the VMware tools.


root@vmware [ ~/.acme.sh ]# /usr/lib/vmware-vmca/bin/certificate-manager
                 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
                |                                                                     |
                |      *** Welcome to the vSphere 6.7 Certificate Manager  ***        |
                |                                                                     |
                |                   -- Select Operation --                            |
                |                                                                     |
                |      1. Replace Machine SSL certificate with Custom Certificate     |
                |                                                                     |
                |      2. Replace VMCA Root certificate with Custom Signing           |
                |         Certificate and replace all Certificates                    |
                |                                                                     |
                |      3. Replace Machine SSL certificate with VMCA Certificate       |
                |                                                                     |
                |      4. Regenerate a new VMCA Root Certificate and                  |
                |         replace all certificates                                    |
                |                                                                     |
                |      5. Replace Solution user certificates with                     |
                |         Custom Certificate                                          |
                |                                                                     |
                |      6. Replace Solution user certificates with VMCA certificates   |
                |                                                                     |
                |      7. Revert last performed operation by re-publishing old        |
                |         certificates                                                |
                |                                                                     |
                |      8. Reset all Certificates                                      |
                |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|

Note : Use Ctrl-D to exit.
Option[1 to 8]:

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Option[1 to 8]: 1
 
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:
 
Performing operation on distributed setup, Please provide valid Infrastructure Server IP.
Server : hostname.9r.com.au
         1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate
 
         2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate
 
Option [1 or 2]: 2
 
Please provide valid custom certificate for Machine SSL.
File :

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Enter the paths of the keys generated above.

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Please provide valid custom certificate for Machine SSL.
File : /root/.acme.sh/mondomaine.fr/mondomaine.fr.cer
 
Please provide valid custom key for Machine SSL.
File : /root/.acme.sh/mondomaine.fr/mondomaine.fr.key
 
Please provide the signing certificate of the Machine SSL certificate
File : /root/.acme.sh/mondomaine.fr/fullchain.cer
 
You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : y
 
Command Output: /root/.acme.sh/mondomaine.fr/mondomaine.fr.cer: OK
 
Get site nameCompleted [Replacing Machine SSL Cert...]
default-site-name
Lookup all services
Get service default-site-name:2f828f98-80ae-4414-8e29-8f5bc4ffeca8
Don't update service default-site-name:2f828f98-80ae-4414-8e29-8f5bc4ffeca8
 
 ... etc ...
 
Update service 345572a0-1b95-4b1e-8652-4e7e21ed251c; spec: /tmp/svcspec_renwzveb
Get service 53c2d21f-144e-4779-85ff-4cf5e180d001
Update service 53c2d21f-144e-4779-85ff-4cf5e180d001; spec: /tmp/svcspec_nutupa2h
Updated 27 service(s)
Status : 85% Completed [starting services...]
 
 ... this takes a while ...

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

The keys are imported and the services restart. Note that the process is fairly long, about like a vCenter startup.
Be patient.

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
 
Status : 100% Completed [All tasks completed successfully]
 
root@vmware [ ~/.acme.sh ]#

And that's it: log in to your vCenter as usual.

Note that for now there is no automatic renewal.
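
Because the import restarts every service and renewal is manual, it helps to check the three files before handing them to certificate-manager. The script below is an added example, not part of the original procedure: the function names are hypothetical and the sample certificates are constructed with a throwaway CA so it runs offline. It checks that the key matches the certificate, that the certificate verifies against the chain file, and that it is not about to expire.

```shell
#!/bin/sh
# Added example: checks to run on the acme.sh files before importing them.
# Function names are hypothetical; the sample certificates are constructed.

# Succeeds when certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  k=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$c" = "$k" ]
}

# Succeeds when certificate $1 verifies against the CA file $2.
chain_verifies() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds when certificate $1 expires within $2 days (manual renewal is due).
renewal_due() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Args: cert key chain min_days. Prints each problem; non-zero means do not import.
preimport_check() {
  rc=0
  cert_matches_key "$1" "$2" || { echo "key does not match certificate"; rc=1; }
  chain_verifies "$1" "$3" || { echo "chain does not verify certificate"; rc=1; }
  renewal_due "$1" "$4" && { echo "certificate expires within $4 days"; rc=1; }
  return "$rc"
}

# Constructed sample material: throwaway CA, a 20-day leaf, an unrelated key.
make_samples() {
  d=$(mktemp -d) || return 1
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.cer"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vcenter.example.test" \
      -keyout "$d/leaf.key" -out "$d/leaf.csr"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
      -CAcreateserial -days 20 -out "$d/leaf.cer"
    openssl genrsa -out "$d/other.key" 2048
  } >/dev/null 2>&1
  echo "$d"
}

dir=$(make_samples)
preimport_check "$dir/leaf.cer" "$dir/leaf.key" "$dir/ca.cer" 7 && echo "ready to import"
preimport_check "$dir/leaf.cer" "$dir/other.key" "$dir/ca.cer" 30 || echo "import blocked"
```

On the vCenter itself, call preimport_check with the .cer, .key and fullchain.cer paths given to certificate-manager above instead of the constructed samples.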